1. Field of the Invention
The present invention generally relates to the field of information management technology, and more specifically, to the field of enterprise document management for protecting sensitive information.
2. Description of the Related Art
As computers and networks become more proliferated, powerful, and affordable, a growing number of enterprises are using both to perform critical tasks and manage sensitive information. However, the convenience provided by computers and networks is leading to easy duplication and distribution of sensitive information. Often, multiple copies of documents containing sensitive information (hereinafter called “sensitive documents”) find their way to endpoints of the network, for example in CD-ROMs, in memory sticks, and in other media. It is noted that sensitive document contains, for example, highly confidential information to which access is typically highly restricted.
The proliferation of information makes it harder to protect sensitive information, and gives people with malicious intent more opportunities to access such sensitive information and to leak it out to unintended parties. Industry researches generally indicate that leakage and theft of sensitive information causes more damage to organizations all over the world than security breaches by outsiders. Hence, leakage and theft of sensitive information presents a very significant security threat.
This information leakage problem is further highlighted by regulations such as the Sarbanes-Oxley Act. Besides the significant accounting and control requirements imposed on publicly owned companies, the Act created a new oversight board for accounting firms auditing publicly traded companies (PCAOB). The PCAOB established auditing standards, including Standard 2, which recognized that senior management cannot simply certify controls on the system. Rather, controls also have to track and manage the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system. As a result, there are high demands for enterprise document management for protecting sensitive information.
One conventional approach to monitor and manage sensitive information in an enterprise network is to store highly sensitive information in a secured computer, accessible only to authorized personals, and closely manage and monitor accesses to the secured computer. When documents containing such information need to be duplicated or circulated, those seeking access typically follow secure administration procedures (or policies) to prevent unauthorized access. However, this approach is inadequate because the administration procedures are difficult to manage. Such procedures require extensive education and enforcement, and also can be quite costly to implement and monitor. Also, these procedures often are ineffective because it is cumbersome for people to review and modify the sensitive documents on the secured computer. Therefore, people tend to work on the secured documents in their own computers. However, once the sensitive documents leave the secured computer, the secured approach is no longer applicable, and the procedures become ineffective.
Another conventional approach to monitor sensitive information in an enterprise network is to monitor network traffic within the network. A network sniffer or monitor device is attached on a router within the network, and analyzes network traffic. Sensitive data content is then identified and filtered out by the network sniffer. This approach is inadequate in that it cannot analyze encrypted network traffic. For example, any network traffic using the Hyper Text Transfer Protocol (HTTP) over Secure Socket Layer (SSL) protocol is encrypted for security, and cannot be monitored for sensitive information. Also, because information inspection by the network sniffer takes time, data going through the router is slowed down, affecting the network performance.
Thus, there is a need for a system and method that provides a highly effective solution for users to monitor and manage sensitive information within an enterprise network.